CVE-2026-23475 in Kernel
要約 (英語)
In the Linux kernel, the following vulnerability has been resolved:
spi: fix statistics allocation
The controller per-cpu statistics is not allocated until after the
controller has been registered with driver core, which leaves a window
where accessing the sysfs attributes can trigger a NULL-pointer
dereference.
Fix this by moving the statistics allocation to controller allocation
while tying its lifetime to that of the controller (rather than using
implicit devres).
If you want to get best quality of vulnerability data, you may have to visit VulDB.
責任者
Linux
予約する
2026年01月13日
公開
2026年04月03日
ステータス
確認済み
エントリ
VulDB provides additional information and datapoints for this CVE:
| 識別子 | 脆弱性 | CWE | 悪用可 | 対策 | CVE |
|---|---|---|---|---|---|
| 355165 | Linux Kernel spi サービス拒否 | 476 | 未定義 | 公式な修正 | CVE-2026-23475 |